Release: New -current Live ISO with Ragnarok Kernel Included

---

Starting with the latest release, the live ISO for the -current branch now includes Ragnarok's own build of the Linux kernel. This kernel is built with the full LLVM/Clang toolchain and builds in many hardening options, including Clang's Control Flow Integrity[1], which helps prevent bugs from turning into exploits, as well as the ThinLTO feature.

It also builds in most hardening options recommended by the Kernel Self Protection Project[2].

Aside from the extra features/hardening, this kernel flavour is the same as Debian's default, and is built using their Linux-source[3] package. Ragnarok's kernel config, as well as a diff showing the differences with Debian's, can be accessed in the kernel-build[4] repository.

Caveats

---

This kernel may be a bit less forgiving of faulty hardware and/or poorly written modules, which could potentially result in a kernel panic. For more details, see the "kernel" section in the bugs[5] page.

In any case, the standard Debian kernel is still present in the ISO and one can boot from it by selecting the "Live System (x11) - Debian Kernel" option at the grub menu, or typing 'live-x11-debkernel' then hitting 'Return' at the boot prompt if booting with isolinux.

Links

---

[1] Clang's CFI: https://clang.llvm.org/docs/ControlFlowIntegrity.html
[2] Kernel Self Protection Project: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
[3] Debian's linux-source package information: https://packages.debian.org/bookworm/linux-source
[4] Ragnarok's kernel-build repo: https://github.com/RagnarokOS/kernel-build
[5] Bugs: https://ragnarokos.github.io/logs/bugs.html